"For example, in 2022, the US Securities and Exchange Commission fined Morgan Stanley Smith Barney (MSSB) $35 million for failing to properly dispose of devices that contained personally identifiable information (PII)"
"Because MSSB didn't properly oversee its vendor, the moving company sold 4,900 different assets, which included unwiped hard drives that contained thousands of instances of PII on them. The Office of the Comptroller of Currency (OCC) fined Morgan Stanley an additional $60 million and the company settled a class action suit for another $60 million [PDF], bringing its total liability to $155 million."
With Windows 10 support ending and many organizations refreshing hardware, decommissioned systems require secure drive erasure to prevent data exposure. Failure to ensure proper disposal can result in severe regulatory fines and legal damages. Morgan Stanley Smith Barney incurred unwiped devices containing thousands of PII instances after a vendor mishandled disposal, leading to a $35M SEC fine, a $60M OCC fine, and a $60M class-action settlement totaling $155M. Simply offloading disposal to third parties does not absolve the original owner of liability. Strong vendor oversight and verified data-wiping procedures are essential during fleet refreshes.
Read at Theregister
Unable to calculate read time
Collection
[
|
...
]